clean php files from eval infection

I needed to help a friend to clean all his files from an eval type attack so I used the code bellow to clean all his files. In $str var I put the virus code that was injected (in my case a hidden redirected code)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

$str='eval(base64_decode("CmVycm9yX3JlcG9... your part of the infected code ....=="));';

functionfind_all_files($dir)

{

global$global_counter;

$result=array();

$root=scandir($dir);

if(is_array($root)){

foreach($root as$value){

if($value==='.'||$value==='..'){continue;}

$global_counter++;

if(is_file("$dir/$value")){

if(substr($value,-3)=='php'){

$result[]="$dir/$value";continue;

}

}

else{

$file_list=find_all_files("$dir/$value");

if(is_array($file_list)){

foreach($file_list as$value){

if(substr($value,-3)=='php'){

$result[]=$value;

}

}

}

}

}

}

return$result;

}

$result=find_all_files('.');

foreach($result as$filename){

if($filename=='./cleaner.php')continue;

$file=file_get_contents($filename);

$file=str_replace($str,'',$file);

file_put_contents($filename,$file);

echo'. ';flush();

}

You can download the code here and then run it through the webserver.cleaner.php